Quick summary of the OAuth support provided by IBM WebSphere DataPower.
OAuth 2.0
Client type (application type)
– Confidential
– Public
Grant type (handshake/dance)
– authorization code
– Implicit grant
– client credential
– resource owner password
Token: Bearer (self contained)
Extension/Customization
– Added Values
Allows you to share your resources with a third-party application without sharing your credentials with that application.
Authorization Code Grant Type
Authorization Endpoint: Obtain authorization/consent from end user
Token Endpoint: Exchange a temporary authorization for the actual access permission (in the form of access_token)
DataPower Enforcement for Resource Server
Authorization Code
OAuth 2.0 – Authorization Code (diagram: Resource Owner (Alice); DataPower endpoints: authz, token, resource)
Alice launches an application.
HTTP 302: Alice is redirected to an OAuth authorization server, so the user can grant access to the application.
HTTP 302: A temporary code is issued to the application.
HTTP Authorization: Basic client_id:client_secret. Exchange temporary code for access permission.
Access resource with access_token.
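The messages of the authorization code flow walked through above, as an added example that is not part of the original slides or of DataPower itself. The endpoint URLs, client credentials and the `state` parameter (defined in RFC 6749) are assumptions; note that the Basic header carries the base64 encoding of `client_id:client_secret`, not the literal text.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs, quote

# All endpoint URLs and client values below are constructed placeholders.
AUTHZ = "https://dp.example.com/authz"
TOKEN = "https://dp.example.com/token"
RESOURCE = "https://dp.example.com/resource"
CLIENT_ID, CLIENT_SECRET = "demo-client", "demo-secret"
REDIRECT_URI = "https://app.example.com/callback"


def authorization_redirect():
    """Redirect step: URL the application sends Alice to, plus the state to remember."""
    state = secrets.token_urlsafe(16)  # unguessable, bound to Alice's session
    query = {"response_type": "code", "client_id": CLIENT_ID,
             "redirect_uri": REDIRECT_URI, "state": state}
    return AUTHZ + "?" + urlencode(query), state


def code_from_callback(callback_url, expected_state):
    """Code step: pull the temporary code out of the 302 back to the application."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization denied: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Reject callbacks that do not echo our state (CSRF / code injection guard).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return params["code"][0]


def token_request(code):
    """Exchange step: the confidential client authenticates with HTTP Basic."""
    # RFC 6749 section 2.3.1: form-encode id and secret, then base64 "id:secret".
    creds = quote(CLIENT_ID, safe="") + ":" + quote(CLIENT_SECRET, safe="")
    basic = base64.b64encode(creds.encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return TOKEN, headers, body


def resource_request(access_token):
    """Access step: present the bearer token to the resource endpoint."""
    return RESOURCE, {"Authorization": "Bearer " + access_token}
```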
Implicit
OAuth 2.0 – Implicit (diagram: Resource Owner (Alice); DataPower endpoints: authz, resource)
Alice launches an application.
HTTP 302: Alice is redirected to an OAuth authorization server, so the user can grant access to the application.